> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf > Of Kostas > Kalevras > Sent: vrijdag 2 juli 2004 16:49 > To: [EMAIL PROTECTED] > Subject: Re: Why radius when I have LDAP? > > > On Thu, 1 Jul 2004, Hans wrote: > > > Hello, > > > > This may seem a little strange question. > > > > I have my Linux(suse8.2) boxes handle login requests using > an LDAP server. > > The LDAP provides all that's needed, that is > username/password, userid, > > groupid, homedir etc. > > > > I could use radius to authenticate logins(user/pass), but > then I would still > > need a direct connection to LDAP for uid, gid, homedir etc, > because radius > > can not handle that kind of info! > > > > So: why would I want to use radius? I could do without it, > couldn't I? > > > > Gr, Hans > > LDAP is a user database. Only that. > RADIUS is an AAA infrastructure. > > The main advantage is that you can be server-side clever with > radius whilst with > ldap you need to have clever clients and update all the > clients when you add > features. You only need to update your radius server > configuration to add a new > feature. With radius you can have per user limits > (rlm_counter), expiration, > login time restrictions and make smart decisions based on the > incoming request > (ie if the request is from NAS XXX and user belongs to ldap > group YYY then > return a special set of attributes). > With RADIUS you also get accounting which can be really > important as well as a > nice web interface to administer all this. >
Ah. Ok. So Radius is indeed more than just a 'simple' interface to LDAP Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html